CVE-2020-11152 - Vulnerability Details

Description

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: 2021-01-21

Score: 6.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

affected

Version	Status	Constraints
APQ8009W, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8076, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, MSM8909W, MSM8916, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, PM439, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM8004, PM8005, PM855, PM855A, PM855B, PM855L, PM855P, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8998, PMD9655, PMI632, PMI8937, PMI8952, PMI8998, PMM8996AU, PMX24, PMX50, QAT3514, QAT3522, QAT3550, QBT1000, QBT1500, QBT2000, QCA6174A, QCA6310, QCA6320, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA8337, QCA9377, QCC1110, QCS405, QCS603, QCS605, QET4100, QET4101, QET5100, QET5100M, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2550, QFE3100, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QLN1035BD, QPA4340, QPA4360, QPA5460, QSW8573, QTC800H, QTC800S, QTC800T, QTC801S, RGR7640AU, RSW8577, SD 636, SD 8CX, SD439, SD450, SD660, SD ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:apq8009w:-:::::::*
	cpe:2.3:h:qualcomm:apq8017:-:::::::*
	cpe:2.3:h:qualcomm:apq8037:-:::::::*
	cpe:2.3:h:qualcomm:apq8052:-:::::::*
	cpe:2.3:h:qualcomm:apq8053:-:::::::*
	cpe:2.3:h:qualcomm:apq8056:-:::::::*
	cpe:2.3:h:qualcomm:apq8076:-:::::::*
	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
	cpe:2.3:h:qualcomm:aqt1000:-:::::::*
	cpe:2.3:h:qualcomm:ar8031:-:::::::*
	cpe:2.3:h:qualcomm:csra6620:-:::::::*
	cpe:2.3:h:qualcomm:csra6640:-:::::::*
	cpe:2.3:h:qualcomm:msm8909w:-:::::::*
	cpe:2.3:h:qualcomm:msm8916:-:::::::*
	cpe:2.3:h:qualcomm:msm8917:-:::::::*
	cpe:2.3:h:qualcomm:msm8920:-:::::::*
	cpe:2.3:h:qualcomm:msm8937:-:::::::*
	cpe:2.3:h:qualcomm:msm8940:-:::::::*
	cpe:2.3:h:qualcomm:msm8952:-:::::::*
	cpe:2.3:h:qualcomm:msm8953:-:::::::*
	cpe:2.3:h:qualcomm:msm8956:-:::::::*
	cpe:2.3:h:qualcomm:msm8976:-:::::::*
	cpe:2.3:h:qualcomm:msm8976sg:-:::::::*
	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pm439:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660a:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm670:-:::::::*
	cpe:2.3:h:qualcomm:pm670a:-:::::::*
	cpe:2.3:h:qualcomm:pm670l:-:::::::*
	cpe:2.3:h:qualcomm:pm8004:-:::::::*
	cpe:2.3:h:qualcomm:pm8005:-:::::::*
	cpe:2.3:h:qualcomm:pm855:-:::::::*
	cpe:2.3:h:qualcomm:pm855a:-:::::::*
	cpe:2.3:h:qualcomm:pm855b:-:::::::*
	cpe:2.3:h:qualcomm:pm855l:-:::::::*
	cpe:2.3:h:qualcomm:pm855p:-:::::::*
	cpe:2.3:h:qualcomm:pm8916:-:::::::*
	cpe:2.3:h:qualcomm:pm8937:-:::::::*
	cpe:2.3:h:qualcomm:pm8940:-:::::::*
	cpe:2.3:h:qualcomm:pm8952:-:::::::*
	cpe:2.3:h:qualcomm:pm8953:-:::::::*
	cpe:2.3:h:qualcomm:pm8956:-:::::::*
	cpe:2.3:h:qualcomm:pm8998:-:::::::*
	cpe:2.3:h:qualcomm:pmd9655:-:::::::*
	cpe:2.3:h:qualcomm:pmi632:-:::::::*
	cpe:2.3:h:qualcomm:pmi8937:-:::::::*
	cpe:2.3:h:qualcomm:pmi8952:-:::::::*
	cpe:2.3:h:qualcomm:pmi8998:-:::::::*
	cpe:2.3:h:qualcomm:pmm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pmx24:-:::::::*
	cpe:2.3:h:qualcomm:pmx50:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qbt1000:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qbt2000:-:::::::*
	cpe:2.3:h:qualcomm:qca6174a:-:::::::*
	cpe:2.3:h:qualcomm:qca6310:-:::::::*
	cpe:2.3:h:qualcomm:qca6320:-:::::::*
	cpe:2.3:h:qualcomm:qca6420:-:::::::*
	cpe:2.3:h:qualcomm:qca6430:-:::::::*
cpe:2.3:h:qualcomm:qca6564a:-:::::::*
cpe:2.3:h:qualcomm:qca6564au:-:::::::*
cpe:2.3:h:qualcomm:qca6574a:-:::::::*
cpe:2.3:h:qualcomm:qca6574au:-:::::::*
cpe:2.3:h:qualcomm:qca6584au:-:::::::*
cpe:2.3:h:qualcomm:qca8337:-:::::::*
cpe:2.3:h:qualcomm:qca9377:-:::::::*
cpe:2.3:h:qualcomm:qcc1110:-:::::::*
cpe:2.3:h:qualcomm:qcs405:-:::::::*
cpe:2.3:h:qualcomm:qcs603:-:::::::*
cpe:2.3:h:qualcomm:qcs605:-:::::::*
cpe:2.3:h:qualcomm:qet4100:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet5100m:-:::::::*
cpe:2.3:h:qualcomm:qfe2080fc:-:::::::*
cpe:2.3:h:qualcomm:qfe2081fc:-:::::::*
cpe:2.3:h:qualcomm:qfe2082fc:-:::::::*
cpe:2.3:h:qualcomm:qfe2101:-:::::::*
cpe:2.3:h:qualcomm:qfe2550:-:::::::*
cpe:2.3:h:qualcomm:qfe3100:-:::::::*
cpe:2.3:h:qualcomm:qfe3440fc:-:::::::*
cpe:2.3:h:qualcomm:qfe4301:-:::::::*
cpe:2.3:h:qualcomm:qfe4302:-:::::::*
cpe:2.3:h:qualcomm:qfe4303:-:::::::*
cpe:2.3:h:qualcomm:qfe4305:-:::::::*
cpe:2.3:h:qualcomm:qfe4308:-:::::::*
cpe:2.3:h:qualcomm:qfe4309:-:::::::*
cpe:2.3:h:qualcomm:qfe4320:-:::::::*
cpe:2.3:h:qualcomm:qfe4373fc:-:::::::*
cpe:2.3:h:qualcomm:qfe4455fc:-:::::::*
cpe:2.3:h:qualcomm:qfe4465fc:-:::::::*
cpe:2.3:h:qualcomm:qln1035bd:-:::::::*
cpe:2.3:h:qualcomm:qpa4340:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5460:-:::::::*
cpe:2.3:h:qualcomm:qsw8573:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc800t:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:rgr7640au:-:::::::*
cpe:2.3:h:qualcomm:rsw8577:-:::::::*
cpe:2.3:h:qualcomm:sd439:-:::::::*
cpe:2.3:h:qualcomm:sd450:-:::::::*
cpe:2.3:h:qualcomm:sd636:-:::::::*
cpe:2.3:h:qualcomm:sd660:-:::::::*
cpe:2.3:h:qualcomm:sd710:-:::::::*
cpe:2.3:h:qualcomm:sd712:-:::::::*
cpe:2.3:h:qualcomm:sd835:-:::::::*
cpe:2.3:h:qualcomm:sd855:-:::::::*
cpe:2.3:h:qualcomm:sd8cx:-:::::::*
cpe:2.3:h:qualcomm:sdm630:-:::::::*
cpe:2.3:h:qualcomm:sdm830:-:::::::*
cpe:2.3:h:qualcomm:sdr051:-:::::::*
cpe:2.3:h:qualcomm:sdr052:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr8150:-:::::::*
cpe:2.3:h:qualcomm:sdw2500:-:::::::*
cpe:2.3:h:qualcomm:sdw3100:-:::::::*
cpe:2.3:h:qualcomm:sdx24:-:::::::*
cpe:2.3:h:qualcomm:sdx50m:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1358:-:::::::*
cpe:2.3:h:qualcomm:smb1360:-:::::::*
cpe:2.3:h:qualcomm:smb1380:-:::::::*
cpe:2.3:h:qualcomm:smb1381:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb231:-:::::::*
cpe:2.3:h:qualcomm:wcd9306:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9330:-:::::::*
cpe:2.3:h:qualcomm:wcd9335:-:::::::*
cpe:2.3:h:qualcomm:wcd9340:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9360:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3615:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3680b:-:::::::*
cpe:2.3:h:qualcomm:wcn3950:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn3999:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:whs9410:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wtr2955:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*
cpe:2.3:h:qualcomm:wtr4905:-:::::::*
cpe:2.3:h:qualcomm:wtr5975:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3506	Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Subscriptions

Qualcomm Apq8009w Apq8017 Apq8037 Apq8052 Apq8053 Apq8056 Apq8076 Apq8096au Aqt1000 Ar8031 Csra6620 Csra6640 Msm8909w Msm8916 Msm8917 Msm8920 Msm8937 Msm8940 Msm8952 Msm8953 Msm8956 Msm8976 Msm8976sg Msm8996au Pm439 Pm660 Pm660a Pm660l Pm670 Pm670a Pm670l Pm8004 Pm8005 Pm855 Pm855a Pm855b Pm855l Pm855p Pm8916 Pm8937 Pm8940 Pm8952 Pm8953 Pm8956 Pm8998 Pmd9655 Pmi632 Pmi8937 Pmi8952 Pmi8998 Pmm8996au Pmx24 Pmx50 Qat3514 Qat3522 Qat3550 Qbt1000 Qbt1500 Qbt2000 Qca6174a Qca6310 Qca6320 Qca6420 Qca6430 Qca6564a Qca6564au Qca6574a Qca6574au Qca6584au Qca8337 Qca9377 Qcc1110 Qcs405 Qcs603 Qcs605 Qet4100 Qet4101 Qet5100 Qet5100m Qfe2080fc Qfe2081fc Qfe2082fc Qfe2101 Qfe2550 Qfe3100 Qfe3440fc Qfe4301 Qfe4302 Qfe4303 Qfe4305 Qfe4308 Qfe4309 Qfe4320 Qfe4373fc Qfe4455fc Qfe4465fc Qln1035bd Qpa4340 Qpa4360 Qpa5460 Qsw8573 Qtc800h Qtc800s Qtc800t Qtc801s Rgr7640au Rsw8577 Sd439 Sd450 Sd636 Sd660 Sd710 Sd712 Sd835 Sd855 Sd8cx Sdm630 Sdm830 Sdr051 Sdr052 Sdr660 Sdr8150 Sdw2500 Sdw3100 Sdx24 Sdx50m Smb1351 Smb1355 Smb1358 Smb1360 Smb1380 Smb1381 Smb1390 Smb231 Wcd9306 Wcd9326 Wcd9330 Wcd9335 Wcd9340 Wcd9341 Wcd9360 Wcn3610 Wcn3615 Wcn3620 Wcn3660b Wcn3680b Wcn3950 Wcn3980 Wcn3990 Wcn3998 Wcn3999 Wgr7640 Whs9410 Wsa8810 Wsa8815 Wtr2955 Wtr2965 Wtr3925 Wtr4905 Wtr5975

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:19.000Z

Updated: 2024-08-04T11:28:12.405Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11152

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:13.947

Modified: 2024-11-21T04:56:56.840

Link: CVE-2020-11152

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-362

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object